CyberSheathRemote
Compliance Engineer
United States of America
Full Time
2 weeks ago
$100,000 - $116,000 USD
Visa Sponsor
Key skills
PowerShellAzureActive DirectoryProject ManagementCommunicationFirewall
About this role
CyberSheath Services International LLC is a rapidly growing Managed Services Provider focused on providing CMMC Compliance and Cybersecurity services to the Defense Industrial Base. They are seeking a Compliance Engineer responsible for implementing and maintaining technical security controls required under the Cybersecurity Maturity Model Certification (CMMC) while collaborating with the compliance team and clients to ensure adherence to relevant standards and best practices.
Responsibilities:
- Implement, configure, and maintain security controls in line with CMMC requirements (e.g., GPOs, M365 tenant hardening, Intune, Conditional Access, Defender for Endpoint, SIEM)
- Collaborate with internal and external stakeholders to ensure ongoing compliance with CMMC standards
- Serve as the internal subject matter expert on CMMC-related technical questions and processes
- Design and deploy secure configurations for Microsoft 365, Azure, Azure Virtual Desktop, and the Microsoft Defender XDR suite
- Manage security baselines, conditional access policies, and monitoring/alerting configurations
- Coordinate with IT operations and security teams to remediate vulnerabilities and align with compliance objectives
- Utilize Active Directory, firewalls, and related security or network tools to ensure compliance and gather logs/artifacts as evidence
- Demonstrate the ability to log in, review configurations, and interpret outputs (e.g., system events, access logs, firewall logs) to support compliance documentation
- Work with cross-functional teams to update and maintain security configurations that align with CMMC requirements
- Gather, document, and maintain the artifacts necessary to demonstrate compliance (system configurations, implementation records, access control logs, and related evidence)
- Collaborate with cross-functional teams (IT, Security, DevOps) to validate and record operational and security processes in compliance with CMMC
- Provide expert guidance and support during client-facing CMMC audits, which may include up to 25% travel
- Communicate technical aspects of CMMC controls and remediation strategies clearly to both technical and non-technical audiences
- Represent the organization’s CMMC posture to external auditors, clients, and partners
- Execute security or IT controls that must take place outside standard business hours (e.g., evenings or weekends) to minimize disruption to production environments
- Coordinate with relevant teams to schedule and perform critical updates or implementations that require off-peak windows
- Document changes, communicate outcomes, and ensure smooth transitions back to normal operations
- Stay current on emerging threats, security trends, and CMMC updates; integrate these insights into ongoing compliance efforts
- Work closely with the dedicated compliance function to define, refine, and improve internal processes that align with CMMC requirements
- Identify opportunities to streamline technical controls, automate evidence collection, and enhance security posture
Requirements:
- Proven experience (3–5+ years) in implementing and managing technical security controls in Microsoft-focused environments
- Hands-on experience with Microsoft 365 Administration & Security (tenant hardening, identity & access management, conditional access)
- Hands-on experience with Azure & Azure Virtual Desktop (security configuration, monitoring, role-based access control)
- Hands-on experience with Microsoft Defender XDR Suite (Defender for Endpoint, Defender for Office 365, etc.)
- Hands-on experience with Group Policy Objects (GPOs) and Intune for device and application management
- Hands-on experience with Active Directory (managing user/groups, reviewing logs, applying group policies)
- Hands-on experience with Firewalls (configuring rules, reviewing logs, interpreting firewall outputs)
- Demonstrated track record of working with CMMC controls or similar regulatory/compliance frameworks (e.g., NIST 800-171, DFARS)
- Strong understanding of SIEM tools and security incident management workflows
- Excellent written and verbal communication skills, with the ability to present technical concepts to diverse audiences
- Strong organizational and project management skills, with an emphasis on attention to detail and follow-through
- Ability to work independently as well as collaboratively in a cross-functional team environment
- Willingness to work outside normal business hours when required
- Proficiency in scripting or automating compliance evidence gathering (e.g., PowerShell) is a plus
- Security+, CISSP, CISM, or similar professional security certifications
- Microsoft 365 and/or Azure certifications (e.g., MS-500, AZ-500) highly desirable
- Any CMMC-specific certifications or proven training credentials
- Customer-focused mindset and client-facing experience
- Ability to balance technical depth with broader compliance and business considerations
- Self-starter with a proactive approach to identifying and solving compliance challenges